By Steve Hawley, Piracy Monitor
Those in the know about piracy understand well that the technologies of piracy detection and countermeasures against it are only a part of the overall anti-piracy conversation. Creative industries and distributors are long past the point of needing to justify basic protections like DRM to guard the production and distribution of programming and digital assets against theft. Pay TV providers no longer question that their investments in conditional access have helped protect revenue. But piracy goes beyond the usual technology conversations.
Piracy happens everywhere and so should enforcement
“Not only does media piracy happen across the spectrum of content creation, distribution and consumption,” said Mark Mulready, who is Vice President of Cyber Services at Irdeto and Co-President of the European-focused Audiovisual Anti-Piracy Alliance (AAPA). “Piracy also transcends geographic boundaries.”
For example, when the European Union’s Agency for Law Enforcement (Europol) and the EU’s Agency for Criminal Justice (Eurojust) actively engage in anti-piracy operations, they are, by definition, EU-based. Teaming with Interpol extends their reach to jurisdictions outside the EU.
Interpol’s recent Stop Online Piracy Initiative (ISOP) should extend the ability of law enforcement to address piracy on a broader global basis. This five-year program was initiated earlier this year, in collaboration with the Republic of Korea’s National Police and Ministry of Culture, in response to the boom in piracy during the COVID pandemic.
Piracy results in more than just media theft
Piracy happens when hackers find and exploit gaps in security, and these gaps can be anywhere. In order to extend their profit potential beyond the theft of media content and services themselves, pirates infect consumers with malware and engage in extortion. The range of vulnerabilities in today’s media ecosystem extends from the in-home office to the work office; from the TV room, to your email, through gaming platforms, messaging apps, and on the go. According to a 2021 study, ransomware increased by 311% from 2019 to 2020.
Often, these attacks start with phishing, with a goal of gaining access to user data and valuable content. A piracy operation might purchase a large database through a clandestine online marketplace, and then use it against media accounts. There are multiple business models. One is to use credential stuffing to identify valid media accounts, and then resell the credentials that work. A variant on that approach is to sell illicit streaming devices or apps with these credentials pre-installed. A third is to use stolen credentials to access and steal content to redistribute illegally.
By impersonating a trusted source, attackers could trick consumers into downloading an update that deposits ransomware. One source reported a social engineering attack using a social messaging platform with a voice recording claiming to be a company’s CEO. One recipient became suspicious and reported it to the company’s security team, fortunately before it was widely distributed.
Cyber wars are here to stay
Over the past year, news of high-profile cyber-attacks has become increasingly common, raising the question of whether these have become a fact of life and an unfortunate by-product of the digital age. “Yes, cyber security breaches are still quite a new field and criminals are always early adapters of new technology,” said Mark Mulready. “I think it will become worse in the short term, but as it becomes more and more clear how vulnerable our digital infrastructure is to attack, there will be a more robust response and it will get better in the long term.”
Mulready remarked that a similar evolution has taken place with respect to piracy and security threats in video entertainment: from smartcards, to control word sharing, to streaming rebroadcasting piracy, to credential stuffing and theft, to exploiting weakness in OTT infrastructure.
Media piracy and cyber threats collide
Cyber threats have a direct impact on broadcasters, video distributors, movie studios and TV programmers alike. All of them must think about infrastructure. “They must consider where the requests for programming or service access are coming from, and must also consider where the programming is going,” said Mulready. “They must consider external IP addresses, for example, especially in these times of mergers and acquisitions in the media business. Also, responsibilities must be clearly defined, and accountability assigned, or key security issues may be missed. Everything is interconnected, and hackers will go after the weakest links.”
Video providers should analyze CDN data by working forward from the content-originating side to detect unknown sources and destinations, anomalies in account usage, numbers of devices per household, and anomalous content requests. They can also work backward from the pirate side, by identifying pirate streams coming from a customer’s CDN and tracing them to the source.
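As an added illustration of the "forward" analysis described above (this is not code from Irdeto or Piracy Monitor), the Python sketch below scans CDN request records for accounts that exceed a device or client-IP limit within a time window, or that request content outside their entitlement. The log layout, the thresholds and the entitlement table are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: time, account, device, client IP, asset.
SAMPLE_LOG = """\
2021-09-01T20:00:05 acct-1001 dev-a 198.51.100.10 live/sports1
2021-09-01T20:01:10 acct-1001 dev-b 198.51.100.10 vod/movie7
2021-09-01T20:02:00 acct-2002 dev-k 203.0.113.5 live/sports1
2021-09-01T20:02:30 acct-2002 dev-l 203.0.113.77 live/sports1
2021-09-01T20:03:00 acct-2002 dev-m 192.0.2.14 live/sports1
2021-09-01T20:03:40 acct-2002 dev-n 192.0.2.200 live/sports1
2021-09-01T20:05:00 acct-3003 dev-x 198.51.100.99 live/ppv-event
"""

# Assumed policy values and entitlements, chosen for illustration only.
MAX_DEVICES = 3                  # distinct devices per account per window
MAX_IPS = 2                      # distinct client IPs per account per window
WINDOW = timedelta(minutes=10)
ENTITLEMENTS = {"acct-1001": ("live/", "vod/"),
                "acct-2002": ("live/",),
                "acct-3003": ("vod/",)}

def parse(log):
    """Yield (time, account, device, ip, asset) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, account, device, ip, asset = line.split()
            yield datetime.fromisoformat(ts), account, device, ip, asset

def find_anomalies(log):
    """Return sorted (account, reason) pairs for records that break policy."""
    findings = set()
    history = defaultdict(list)  # account -> [(time, device, ip)] in WINDOW
    for ts, account, device, ip, asset in sorted(parse(log)):
        # Anomalous content request: asset outside the account's entitlement.
        if not asset.startswith(ENTITLEMENTS.get(account, ())):
            findings.add((account, "unentitled-asset"))
        # Keep only this account's requests that fall inside the window.
        recent = [r for r in history[account] if ts - r[0] <= WINDOW]
        recent.append((ts, device, ip))
        history[account] = recent
        if len({r[1] for r in recent}) > MAX_DEVICES:
            findings.add((account, "too-many-devices"))
        if len({r[2] for r in recent}) > MAX_IPS:
            findings.add((account, "too-many-ips"))
    return sorted(findings)

if __name__ == "__main__":
    for account, reason in find_anomalies(SAMPLE_LOG):
        print(account, reason)
```

Flagged accounts are candidates for review rather than proof of sharing or credential abuse; the limits would be tuned against a provider's own baseline.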
The current state of play
Mark Mulready reflected that “It’s amazing to me how ransomware attackers have been operating for so long with impunity. Authorities have been slow to respond to it, but given the level of infringement, awareness is growing, and with it, action. Education also plays a role. We should remember that the most vulnerable segment is small businesses, who perhaps don’t have the knowledge and funds to adequately protect their networks,” he said.
“National initiatives like StopRansomware.gov will help these organizations and many more to take simple steps to protect their networks and respond to ransomware incidents. That initiative also provides a centralized reporting hub. We see an increase in companies increasing their spend on cybersecurity. Staff awareness campaigns and training are very important, as most ransomware attacks start with a phishing exploit,” said Mulready.
“In Europe we have the ‘No More Ransom’ website, an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre supported by security companies with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.”
It takes teamwork
Commercial-scale piracy operations run across jurisdictions and enforcement processes. By the time evidence is collected and enforcement becomes possible, pirates may already have moved on. In many cases, it takes years to build evidence, involving multiple technology suppliers, associations in the broadcast, movie and pay TV industries, and law enforcement and government agencies at local, regional and national levels.
Online service providers that operate in the US and EU are also hopeful for a global process to pursue copyright infringement, and not one with regional differences to navigate.
In the United States, an update to the Digital Millennium Copyright Act of 1998 (DMCA) is underway, which, among other things, will modernize the process of notification and takedown to remove loopholes that pirates exploit by moving their distribution to new online access points. Details via the bill’s co-sponsor, US Senator Thom Tillis, can be found here. Further analysis of the pending revision of the US Digital Millennium Copyright Act can be found here.
The EU’s counterpart to the DMCA, the Digital Services Act, will require distribution intermediaries to ensure authentic and verifiable communication, a notification and takedown process, and a trusted ‘flagger’ program.
The hope is that these simultaneous initiatives will function in harmony.
Trends and practices
Piracy and cybersecurity are areas that require acute awareness, assignment of responsibility, long-range planning, and collaboration. Mark Mulready offered a range of suggestions toward what to do next.
“Action is not a single ‘one and done’ process. Video providers should perform an OTT platform assessment and an architectural review. Apply DRM best practices. Establish a zero-trust architecture with rules-based access controls and encryption at-rest to better resist internal and external attacks on data repositories. Test and audit physical security, mobile devices, network performance. Develop a security action plan. Perform code reviews.”
It’s also important to develop an ongoing threat risk and cyber-intelligence “eyes-and-ears” operation that performs interactive monitoring of piracy communities, and dark web monitoring and analysis to better understand the threat landscape and to understand their current practices.
The path going forward
Asked for some final take-aways, Mulready said “Think before placing your data in places you may not need to. The less customer data you have, the lower the impact of a compromise. Assume that everything can be compromised, remain vigilant and constantly monitor for threats. Keep assessing your infrastructure, your capabilities, your plans and your levels of security.
“Enable multi-factor authentication wherever possible and use password managers to create strong and unique passwords for every online resource that you use. Respond quickly: all the monitoring in the world is useless if you’re not able and ready to act against the threats. The threats evolve rapidly so your readiness to respond should too.”
[ Note: Piracy Monitor is grateful to Irdeto as a sponsoring supporter. However, opinions expressed by Piracy Monitor are independent. ]
Steve Hawley is managing director of Piracy Monitor, a newsletter and informational Web site with a dedicated focus on piracy and anti-piracy solutions, for media industry stakeholders and for creative professionals who are vulnerable to piracy. Mr Hawley’s consultancy tvstrategies (Advanced Media Strategies LLC), offers research and consulting services to video providers and to suppliers of technology and professional services that serve the video industry. He also contributes to the Artificial Intelligence and Machine Learning working group within SCTE, and is a contributing analyst to Parks Associates and S&P Global Market Intelligence.